All of my index*.* were modified this morning. They all had this tag line in them.
My site is set up where you go to cutritefx.com and it takes you to an index.html page that after 2 seconds sends you to cutritefx.com/store.
When I tried to access cutritefx.com AVG would come up and tell me that this site was
[COLOR="Red"]infected "Virus found HTML/FRAMER"[/COLOR]
I could go to my store and access it with no problem. After trying to find out what was going on, the next thing you know I could not access my store without getting an error.
All index*.* files in every directory were changed with the tag above.
I thought I would check my friend's site, since he is also on GoDaddy, to see if it was just me. His was also down.
I called GoDaddy and they checked the server and found nothing abnormal. They thought that this could be coming from me, since I have FTP access to both of these sites. Or this could be some kind of back door in cs-cart.
My friend has no index.html. When you go to his site it just takes you right to the store.
Anyone have any idea how this happened? I have since then replaced all the index.php files from a restore. The database and other files all seem to be fine.
GoDaddy got hacked as per usual, don’t expect system security to improve as you are hosted with every other person on the planet who doesn’t understand system security.
Sorry to hear that you’ve got trouble mate, but you’ll need to find all index.php files and remove the iframe.
Not only that, but your customers might have issues once google gets the domain listed as malware.
I had to edit the links in your posts, which were direct links to a trojan horse virus. This happened to us today also, and our host said it was because we had an infected computer, and indeed we did. So you too must have a trojan horse virus on your computer, most likely Mal_FakeAV-9, but it could be another variant. You need to run a virus scan on your computer AND change all your username/passwords for all your sites AND then make sure you DO NOT set your FTP software to remember your passwords. Everyone who visited your site now has the virus…
[url]http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=MAL_FAKEAV-9[/url]
[quote name=‘JesseLeeStringer’]GoDaddy got hacked as per usual, don’t expect system security to improve as you are hosted with every other person on the planet who doesn’t understand system security.
Sorry to hear that you’ve got trouble mate, but you’ll need to find all index.php files and remove the iframe.
Not only that, but your customers might have issues once google gets the domain listed as malware.[/QUOTE]
This was only for about an hour. I caught it quick and have already restored a backup from the day before. I logged into FTP and confirmed ALL index.php and index.html were fixed. So I don’t think Google really saw anything.
The virus changed more than just the index files. You need to check your logs. These are the files that were hacked by the virus on our system:
/public_html/addons/discussion/controllers/admin/index.post.php
/public_html/addons/index.php
/public_html/addons/webmail/lib/webmail/web/admin/index.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-calendar.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-db.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-interface.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-login.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-settings.php
/public_html/addons/webmail/lib/webmail/web/admin/main-center-users.php
/public_html/addons/webmail/lib/webmail/web/admin/main-foot.php
/public_html/addons/webmail/lib/webmail/web/admin/main-left.php
/public_html/addons/webmail/lib/webmail/web/admin/main-top.php
/public_html/addons/webmail/lib/webmail/web/classic/index.php
/public_html/addons/webmail/lib/webmail/web/common/index.php
/public_html/addons/webmail/lib/webmail/web/db/index.php
/public_html/addons/webmail/lib/webmail/web/help/default.htm
/public_html/addons/webmail/lib/webmail/web/help/index.php
/public_html/addons/webmail/lib/webmail/web/images/index.php
/public_html/addons/webmail/lib/webmail/web/index.php
/public_html/addons/webmail/lib/webmail/web/lang/index.php
/public_html/addons/webmail/lib/webmail/web/libs/index.php
/public_html/addons/webmail/lib/webmail/web/mime/index.php
/public_html/addons/webmail/lib/webmail/web/skins/index.php
/public_html/addons/webmail/lib/webmail/web/wmserver/index.php
/public_html/controllers/admin/index.php
/public_html/controllers/customer/index.php
/public_html/controllers/index.php
/public_html/core/index.php
considering the origins of this virus are from .ru and so is cs it sure is interesting…
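One way to run the check the posts above call for, covering every web file rather than only index.*, as an added example that is not part of the thread. It assumes the injected tag is a hidden or off-site iframe (the thread does not show the tag itself); `scan_tree`, `build_sample`, `shop.example` and `injected.example.invalid` are hypothetical names, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

WEB_EXTS = {".php", ".html", ".htm", ".tpl", ".js"}
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_HOST = re.compile(r"""src\s*=\s*["']?(?:https?:)?//([^/"'\s>:]+)""", re.I)
# Assumed heuristic: injected frames are usually 0/1 px in size or hidden via CSS.
HIDDEN = re.compile(
    r"""(?:width|height)\s*[=:]\s*["']?[01](?:px)?\s*["';\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)

def scan_tree(root, own_hosts):
    """Return sorted (relative_path, src_host, reasons) for suspicious iframes."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for tag in IFRAME.findall(text):
            m = SRC_HOST.search(tag)
            host = m.group(1).lower() if m else ""
            reasons = []
            if host and host not in own_hosts:   # frame loads from a host you do not run
                reasons.append("external-src")
            if HIDDEN.search(tag):               # frame is invisible to the visitor
                reasons.append("hidden")
            if reasons:
                findings.append((path.relative_to(root).as_posix(), host, reasons))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: two injected files, two clean ones."""
    bad = '<iframe src="http://injected.example.invalid/in.php" width="1" height="1"></iframe>'
    files = {
        "index.html": "<html><body>redirecting</body></html>" + bad,
        "store/index.php": "<?php echo 'store'; ?>",
        "store/addons/webmail/main-top.php": "<?php /* header */ ?>\n" + bad,
        "store/about.html": '<iframe src="https://shop.example/map" width="600" height="400"></iframe>',
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, host, reasons in scan_tree(tmp, {"shop.example"}):
            print(f"{rel}: iframe -> {host} ({', '.join(reasons)})")
```

Run it against a downloaded copy of the web root with your own hostnames in `own_hosts`; any file it reports should be compared with the last known-good backup before being restored.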
snorocket;57063,
Thanks for the heads up. I did take a look at things when this happened and the site was infected for about an hour. The first thing I did was replace the index.php in the root of the store. Then I logged into admin and closed the store.
Then I used the GoDaddy feature to restore ALL files back to yesterday. This took about 15 minutes or so. I then checked the dates of ALL the index.php etc. files and they were back as they were yesterday.
I took the infected laptop offline and am doing a scan now. I also changed the passwords to the FTP. Good thing I only had 2 FTP sites listed on the laptop, which were the sites that were infected. Good thing there were only 2.
Thanks again,
anyone else’s store get hit?
seems weird that 2 of our CS 2.06 sites got hacked, none of the 1.3.5+ were touched, and none of the other 20+ dir’s were touched, tells me the virus specifically went after CS 2.0+
[quote name=‘snorocket’]anyone else’s store get hit?
seems weird that 2 of our CS 2.06 sites got hacked, none of the 1.3.5+ were touched, and none of the other 20+ dir’s were touched, tells me the virus specifically went after CS 2.0+[/quote]
Nope,
I checked all client websites that have 2.0.6 and all are clean.
[quote name=‘JesseLeeStringer’]Nope,
I checked all client websites that have 2.0.6 and all are clean.[/QUOTE]
yea yea yea yea whatever…
[quote name=‘snorocket’]anyone else’s store get hit?
seems weird that 2 of our CS 2.06 sites got hacked, none of the 1.3.5+ were touched, and none of the other 20+ dir’s were touched, tells me the virus specifically went after CS 2.0+[/QUOTE]
Off my root directory I had a forum folder and a blog folder. They also got hit. My cs-cart is in a store folder not in the root. So may not be just cs cart. Who knows.
in addition we also found out that the virus managed to remove critical perl modules for cpanel, the host is resolving the issue right now and replacing the infected modules…
[quote name=‘snorocket’]yea yea yea yea whatever… :)[/quote]
They were and still are
On a more serious front, yes they are all clean but they don’t have anything more than a wordpress blog.
Well, I found this had to come from one of my work computers. One of the computers had a problem last week, and it just so happens that this computer had CuteFTP set up for 3 sites. All 3 were compromised with this same problem. Wiped this system with a restore CD, now all good. So I somehow caught this **** and this must have looked for FTP access and found CuteFTP and went at it. Good thing GoDaddy keeps backups of our sites.
Scotty
Virus Free for today…
I realize that talk about antivirus software can be just about the most boring topic of discussion…so, I will keep it short!
We use Eset Smart Security bundled product on our networked PC’s (NOD32 antivirus, firewall, email filtering/spam), and after trying what has to be every other possible choice, we no longer even think of possibly switching.
If you haven’t yet tried ESET NOD32 antivirus on your PCs, then you don’t know what you’re missing…it just plain works day in / day out & is so behind the scenes, you almost forget you have it installed…, nuf said!
Zonealarm Internet Security Suite for me.
$49.95 for 3 PC licenses for the year. Plus if you signup for the newsletter you can get the $90 equivalent for 3 PCs for $30 (So I bought a total of 9 licenses)
[QUOTE]Zonealarm Internet Security Suite for me.[/QUOTE]
It ain’t even on the same playing field!
Fine, chew on this for awhile!
[url]http://www.eset.com/products/compare-NOD32-vs-competition.php[/url]
[quote name=‘Stuck’]It ain’t even on the same playing field!
Fine, chew on this for awhile!
[URL]http://www.eset.com/products/compare-NOD32-vs-competition.php[/URL][/quote]
I use the Eset suite and I also would never consider another one.
You do not want to save a few dollars and compromise security.
[quote name=‘Stuck’]It ain’t even on the same playing field!
Fine, chew on this for awhile!
[URL]http://www.eset.com/products/compare-NOD32-vs-competition.php[/URL][/quote]
Suck on this lol
[url]Learn Bitcoin, buy Bitcoin
I’m very much proactive against threats and so I settled on ZoneAlarm for various reasons:
Operating System Firewall.
I can block specific programs from accessing my network based upon local access (another PC) or internet access (my server)
Program and Program Component controls
eg. No more nasty license checks or “update / upgrade now” notifications.
Anti-Virus (meh) / Anti-spyware.
Uses the Kaspersky virus database (rated 2nd from that list) as well as having inbuilt anti-malware scanning and removal. I’ve never had a virus issue in 5 years go figure I’m happy
Gaming mode
Stops internet based prompts for me to allow/deny internet access.
Email Scanning
Standard stuff these days
Ad Blocking (I do seo so I can’t use it anyway lol)
Identity lock (Never use it as I never use my credit-card online)
Parental controls (heh…)
Logs.
Just in case something does cause strife, I know where to remove it from
or get a MAC lol
I WIN!
[quote name=‘ETInteractive’]or get a MAC lol
I WIN! :p[/quote]